Cyber Security Threat Summary:
The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday. BaFin is Germany’s financial regulatory authority, part of the Federal Ministry of Finance, responsible for supervising 2,700 banks, 800 financial, and 700 insurance service providers. The regulator is known for its law enforcement role in Germany and internationally. In recent years, it imposed $10M and $5M fines on the Deutsche Bank and the Bank of America, respectively, for various violations. The German agency informed today that it has taken all the appropriate security precautions and defensive measures to shield its operations from the hackers. Part of the response measures is to take BaFin’s public website at “bafin.de” offline; however, the organization assures that all other systems, which are crucial for its mission, work without restrictions. Although some users might be able to access BaFin’s website intermittently, it is mostly unavailable” (Bleeping Computer, 2023).

Security Officer Comments:
The DDoS attack against Germany’s financial authority has yet to be attributed to a known threat group. However, given Germany’s support for Ukraine in the ongoing war against Russia, it could be possible that pro-Russian hacktivists are behind the latest attack in retaliation for Germany providing financial and military equipment aid to Ukraine.

Given that BaFin’s public website is currently down, German users will be unable to access services including consumer and regulation information, as well as the agency’s investigation activities and findings. The website is also responsible for hosting a database of registered companies and public tenders, a job vacancies space, and a platform for whistleblowers to report violations anonymously, all of which have remained inaccessible. BaFin is currently working towards restoring public access to the site, but it cannot guarantee when.

Suggested Correction(s):
DDoS attacks are difficult to defend against as legitimate vs illegitimate packets are hard to distinguish between. Typical DDoS attacks will either abuse bandwidth or applications.

There are various methods of defending against DDoS attacks.

Sinkholing: In this approach, all traffic is diverted to a “sink hole” where it is discarded. The problem with this method is that both good and bad traffic is removed, and the business loses actual customers.

Routers and firewalls: Routers can be used to stop attacks by filtering nonessential protocols and invalid IP addresses, but when a botnet is using a spoofed IP address, this makes the filtering process worthless. Firewalls also have difficulties when actual IP addresses are spoofed.

Intrusion-detection systems: These solutions can leverage machine learning to recognize patterns to automatically block traffic through a firewall. These technologies are not always automated and may require fine tuning to avoid false positives.

DDoS mitigation appliances: Various vendors make devices designed to sanitize traffic through load balancing and firewall blocking. Organizations have had varying levels of success with such products, some legitimate traffic will get blocked, and some bad traffic will still get through.

Over-provisioning: Some organizations choose to leverage extra bandwidth to handle sudden spikes in traffic during a DDoS attack. This bandwidth is often outsourced to a service provider who can pick up the bandwidth during an attack. As attacks grow larger, this mitigation technique may become more expensive and less viable.

More information on DDoS Attacks by CISA:
https://us-cert.cisa.gov/ncas/tips/ST04-015

Link(s):
https://www.bleepingcomputer.com/ne...y-site-disrupted-by-ddos-attack-since-friday/